IIS Redirect to HTTPS and keep your query string

With browsers moving forward with marking all HTTP sites as insecure by default, a lot of sites are now being upgraded to https. If your site is hosted on IIS that is by itsself a simple procedure:

  • Pick the website or virtual directory you want to redirect
  • Click HTTP Redirect in the management console
  • Check ‘redirect requests to this destination

While that works great for basic redirects, many people now find that the querystring is not passed along, making the redirect less then perfect. Here is the way to fix that:

  • Enter the new path like this: https://mydomain.com$S$Q
  • Check ‘Redirect all requests to the exact location

The added URL parameters trigger the addition of your querystring, and make your redirect complete. For bonus points, you should generaly want to change the status code to ‘301 permanent’, and add an additional header telling browser to connect directly to the HTTPS version in the future skipping the HTTP version and the redirect alltogether.Toi archive this:

  • Add a custome header with the name Strict-Transport-Security
  • Set the content as max-age 31536000

This tells your visitor to directly connect to the https version for the next 31536000 seconds. (in this case a year)